
Re: Accessing lvs service from the NAT router

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Accessing lvs service from the NAT router
From: Ian Millsom <ian@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 12 Feb 2003 14:51:14 +1100 (EST)
> >
> > >   Question: Is it possible to connect to a lvs service from the router?
> > > Or if not, why? If it is not, then it would be quite a showstopper for
> > > the application we have in mind; the web server is just a test to verify
> > > that our cluster is working correctly.

Yes and no. 2.4 kernels support internal NAT connections.
CONFIG_IP_NF_NAT_LOCAL=y
You MUST be using iptables, as ipchains will not work with this as the 
option is only applicable to iptables.
I have this working on the realservers, but not tested on the director 
itself.




IE:

            [net]
              |
         [director]
         /        \
   [realserver1][realserver2]

I sit on realserver1, and access say a website that would normally come in 
via the director and request be sent to the realserver. Now I am coming 
from the realserver which will hit the director, and the director will 
internally loop back for me.

Previously I would have had to add an entry into the local hosts file on 
the machine, pointing the name back to the local ip address of the 
realserver.


> 
> > The LVS (is that what you mean by router)
> 
>   I used the term LVS for the cluster as a whole; by router I meant the
> machine that is playing the director/load balancer.
> 
> > cannot connect to its own VIPs

You may be able to do it with that option enabled in the kernel. I have 
not tested though as stated above.
> 
>   *grumble* This is exactly the answer I did not want to hear....
> 
> > , but it can connect to the RIPs on the web servers in the cluster.
> 
>   Yes, this works fine. Of course :-) (like I said in my original mail,
> the virtual web server is up and running OK)
> 
> > You can use mon,keepalived or ldirectord to monitor the real servers in
> > your cluster.
> >
> > If you want to monitor the VIPs then use a monitoring device outside
> > your network or inside as well if you want..
> 
>   Hmmm... But this is not the reason for trying to connect to the VIPs
> from the router itself (although I can see that, too. Big Brother comes to
> mind here)
>   What we actually are trying to do is the following. We have set up a
> HA-Cluster using RedHat AS 2.1 using their cluadmin software package.
> Additionally, this HA-cluster should serve as a NAT router for the real
> nodes of a LVS cluster. The main service running on the HA cluster is a
> mail server. We planned to do the virus checking on the processed emails
> on a load balanced cluster using LVS.
>   So the upshot is that the mail server running on the NAT router needs to
> connect to the VIP of the virus scanner, simply to get the emails checked.
>   If this setup is impossible, we would have to deploy a second HA cluster
> simply to do the routing, which seems like a bit of an overkill. (nb. it
> is not an option to run the router on the second HA-cluster sibling (where
> no mail server is running), because when this fails, we would be left with
> a nonfunctioning setup)
>   I hope this clears up a little more what we are trying to do. Thanks for
> your help!


What you are trying to do can be done.


You want to come from a realserver to another realserver via the director. 
So in essence, you do not need to connect to the VIP on the director from 
the director, you want to connect to the VIP on the director from a 
realserver, which would then redirect back to a realserver? Yes?

If so then the option in the kernel is what you will need to be looking 
at.


Regards

Ian Millsom


